What is claimed is: 



1. A central processing unit executing a 

program, comprising 

an encrypting unit encrypting a block, and 
decrypting an encrypted block, wherein: 

a first private key is concealed in secrecy; and 
said encrypting unit obtains from a first license 
a code decryption key for decrypting an encrypted block 
which configures a first program by decrypting with the 
first private key the first license of the first program, 
which is encrypted with a public key pairing with the 
first private key. 

2. The central processing unit according to 
claim 1, further comprising 
a cache, wherein 

said encrypting unit decrypts the encrypted block 
in units of cache when the encrypted block which 
configures the first program is output from a memory 
region to said cache. 

3. The central processing unit according to 
claim 1, further comprising 

a tamper resistant buffer that a user cannot 
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reference or falsify, wherein 

the code decryption key is recorded to said tamper 
resistant buffer. 

5 4. The central processing unit according to 

claim 3, wherein: 

the first license includes an access condition 
used when an execution process of the first program 
accesses a memory region; 
10 a TLB (Translation Lookaside Buff er) recording an 

address of the memory region, at which the encrypted 
block which configures the first program is recorded, 
and the access condition to the memory region, 
a memory managing unit, 
15 a cache, and 

a processor core are further comprised; 
said TLB and said tamper resistant buffer are 
linked; 

said memory managing unit obtains the access 
20 condition to the memory region from said TLB based on 
an address of a memory region, at which an encrypted 
block is recorded, and further obtains the code 
decryption key corresponding to the memory region from 
said tamper resistant buffer; 
25 said processor core determines whether or not an 
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access to the memory region is permitted to be made from 
the execution process based on the access condition 
obtained by said memory managing unit, and the access 
to the memory region is made from the execution process 
5 if said processor core determines that the access to 
the memory region is permitted to be made; and 

said encrypting unit writes to said cache a code 
obtained by decrypting the encrypted block within the 
memory region with the code decryption key obtained by 
10 said memory managing unit. 

5. The central processing unit according to 
claim 4, wherein 

the code decryption key and the encryption key 
15 used to encrypt the encrypted block are a same key. 

6. The central processing unit according to 
claim 4, wherein 

when a memory region accessed from the execution 
20 process of the first program switches from a first memory 
region to a second memory region, said memory managing 
unit further determines whether or not a code decryption 
key corresponding to the first memory region, which is 
obtained from said tamper resistant buffer, and a code 
25 decryption key corresponding to the second memory region 
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match, and an access is made to the second memory region 
from the execution process if said memory managing unit 
determines that the code decryption keys match, or the 
access to the second memory region is not made from the 
5 execution process if said memory managing unit 
determines that the code decryption keys mismatch. 

7. The central processing unit according to 
claim 1, wherein 

10 the first license is buried in the first program. 

8. The central processing unit according to 
claim 4, wherein: 

a different data encryption key is recorded to 
15 said tamper resistant buffer for each code decryption 
key; 

said encrypting unit records data within said 
cache to the memory region that is corresponded to the 
data decryption key by said TLB after encrypting the 
20 data with the data decryption key when recording the 
data to the memory region, and writes encrypted data 
within the memory region to said cache after decrypting 
the read data with the data encryption key when reading 
the encrypted data within the memory region. 



25 
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9. The central processing unit according to 
claim 8, wherein 

when data obtained by executing a first code is 
used by a second code, said processor core sets said 
TLB so as to provide the second code with an access right 
to a memory region to which the data is recorded, and 
also sets said TLB and said tamper resistant buffer so 
that the second code uses a data encryption key for 
encrypting the data when reading the data from the memory 
region. 

10. The central processing unit according to 
claim 4, further comprising: 

a register; and 

a register access control table for performing 
access control for said register, wherein 

said processor core controls sealing and release 
of said register with a sealing flag within said register 
access control table. 

11. The central processing unit according to 
claim 4, wherein 

when contents of said TLB is recorded to a page 
table within an external storage device, said encrypting 
unit affixes a signature to the contents to be recorded, 
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and verifies whether or not the signature is legal when 
contents of the page table is captured into said TLB. 

12. The central processing unit according to 
5 claim 3, wherein 

when contents of said tamper resistant buffer is 
recorded to an encryption key table within an external 
storage device, said encrypting unit encrypts the 
contents to be recorded. 

10 

13. The central processing unit according to 
claim 1, which is connected to a different central 
processing unit, wherein: 

a session key is obtained by making mutual 
15 authentication with the different central processing 
unit; and 

said encrypting unit encrypts contents of said 
cache with the session key, and synchronously transfers 
the contents to the different central processing unit. 

20 

14. The central processing unit according to 
claim 1, wherein 

said encrypting unit obtains a private key 
encryption key used when a second private key is 
25 encrypted by decrypting a second license added to a 
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second program with a public key before the first program 
is executed, and decrypts the second private key with 
the obtained private key encryption key. 

5 15. The central processing unit according to 

claim 14, wherein: 

an access condition indicating that only a read 
can be made from an execution process of the first 
program is added to the second license; and 
10 the second private key can be read only from the 

execution process of the first program. 

16. The central processing unit according to 
claim 14, wherein 

15 the second private key is encrypted with a data 

encryption key and recorded to a memory region. 

17. The central processing unit according to 
claim 3, wherein: 

20 said tamper resistant buffer records 

unable-to-output information indicating whether or not 
to output corresponding information within said tamper 
resistant buffer to an outside of said tamper resistant 
buffer, and cache lock information indicating whether 

25 or not to output corresponding information to an outside 
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of said cache; and 

a move of the first license between the first 
program and a different program is managed based on the 
unable-to-output information and the cache lock 
5 information. 

18. The central processing unit according to 
claim 1, wherein 

the first program is a trusted computing module. 

10 

19. The central processing unit according to 
claim 1, wherein 

the first program is a program for causing the 
central processing unit to implement an electronic 
15 wallet. 

20. The central processing unit according to 
claim 1, wherein 

the first program is a program handling personal 
20 information. 

21. The central processing unit according to 
claim 1, wherein 

the first program is a virus check program of a 
25 code installed in the central processing unit. 
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22. The central processing unit according to 
claim 1, wherein 

the first program is a mobile agent that moves 
among a plurality of central processing units. 

23. The central processing unit according to 
claim 1, wherein: 

the block which configures the first program 
includes hash verification requirement/nonrequirement 
information indicating whether or not verification of 
a hash value of the block is required; and 

a hash unit calculating the hash value of the block, 
and adding the hash value to the block based on the hash 
verification requirement/nonrequirement information, 
and 

a hash verifying unit verifying the hash value of 
the block based on the hash verification 
requirement/nonrequirement information are further 
comprised. 

24. The central processing unit according to 
claim 1, wherein: 

the block which configures the first program 
includes encryption requirement/nonrequirement 
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information indicating whether or not the block requires 
protection; and 

a protection block selecting unit determining 
whether the block is output either to said encrypting 
unit or to said cache or a memory region unchanged based 
on the encryption requirement /nonrequirement 
information is further comprised. 

25. The central processing unit according to 
claim 1, wherein: 

a header of an executable file of the first program 
includes an encrypted block bitmap indicating a 
configuration of the block which configures the first 
program; and 

a protection block selecting unit determining 
whether the block is output either to said encrypting 
unit or to a cache or a memory region unchanged based 
on the encrypted block bitmap is further comprised. 

26. The central processing unit according to 
claim 1, wherein: 

a start of a code of the first program is a code 
which specifies that a plurality of blocks configuring 
the first program are a repetition of a combination of 
a plain text block and an encrypted block, and also 
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specifies a number of successive plain text blocks, and 
a number of successive encrypted blocks in the 
combination; and 

said processor core determines whether the block 
5 is output either to said encrypting unit or to said cache 
or a memory region unchanged by executing the code. 

27. The central processing unit according to 
claim 2, further comprising 
10 between said cache and a memory 

a cache line via said encrypting unit, and 
a cache line not via said encrypting unit. 



28. A computer comprising a central processing 
15 unit which comprises an encrypting unit encrypting a 
block, and decrypting an encrypted block, wherein: 

a first private key is concealed in the central 
processing unit in secrecy; and 

said encrypting unit obtains from a first license 
20 a code decryption key for decrypting an encrypted block 
which configures a first program by decrypting with the 
first private key the first license of the first program, 
which is encrypted with a public key pairing with the 
first private key. 



25 
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29. An IC card comprising the central 
processing unit which comprises an encrypting unit 
encrypting a block, and decrypting an encrypted block, 
wherein : 

5 a first private key is concealed in the central 

processing unit in secrecy; and 

said encrypting unit obtains from a first license 
a code decryption key for decrypting an encrypted block 
which configures a first program by decrypting with the 
10 first private key the first license of the first program, 
which is encrypted with a public key pairing with the 
first private key. 

30. The IC card according to claim 29, wherein 
15 the first program is a program for implementing 

a security function of the IC card. 

31. The central processing unit according to 
claim 1, which is mounted in a robot, wherein 

20 the first program is a control program for 

controlling the robot. 

32. A recording device in which is recorded a 
program for causing a central processing unit to execute 

25 a process of a control for giving authorization to 
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execute a protection program, wherein, the protection 
program to be encrypted with a code encryption key, and 
a license, which includes the code encryption key and 
is encrypted with a public key pairing with a private 
5 key comprised in secrecy within the central processing 
unit, is provided in correspondence with the protection 
program, the process comprising: 

entering the license into the central processing 
unit before the central processing unit executes the 

10 protection program; 

causing an encrypting unit comprised by the 
central processing unit to obtain the code encryption 
key from the license by decrypting the license with the 
private key; and 

15 causing the encrypting unit to decrypt the 

protection program with the code encryption key. 

33. A program execution authorization method 
giving authorization to execute a protection program 

20 to a central processing unit, wherein, the protection 
code program is encrypted with a code encryption key, 
and a license, which includes the code encryption key 
and is encrypted with a public key pairing with a private 
key comprised within the central processing unit, is 

25 provided in correspondence with the protection program, 
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comprising : 

causing the central processing unit to obtain the 
license before executing the protection program; 

causing the central processing unit to obtain the 
5 code encryption key from the license by decrypting the 
license with the private key; and 

causing the central processing unit to decrypt the 
protection program with the code encryption key. 

1° 34 . A computer-readable storage medium on which 

is recorded a program code executed by a computer, 
wherein : 

the program code is encrypted with a code 
encryption key; 

15 a license, which includes the code encryption key 

and is encrypted with a public key paring with a private 
key comprised in secrecy within a central processing 
unit comprised by the computer to execute the program 
code, is provided in correspondence with the program 

2 0 code; 

the license is entered into the central processing 
unit before the program code is executed; 

the license is decrypted with the private key by 
the central processing unit; and 
25 the program code is decrypted with the code 
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encryption key obtained from the license by the central 
processing unit* 

35. A program generating device generating a 
5 program executed by a computer having a private key 
concealed in secrecy, and an encrypting unit performing 
encryption and decryption, comprising: 

an inputting unit inputting a code object, 
a linker preprocessing unit dividing the input 
10 code object into a plurality of blocks, and adding an 
NOP instruction to each of the plurality of blocks, 
a linker unit making an address resolution, 
a protection code executable format generating 
unit generating a protection code executable format by 
15 encrypting each of the plurality of blocks with a code 
encryption key, and 

a license generating unit generating a license 
that includes the code encryption key and is encrypted 
with a public key pairing with the private key, wherein: 
20 the license is entered into the central processing 

unit before the computer executes the protection code 
executable format, and decrypted with the private key 
by the encrypting unit; and 

the protection code executable format is 
25 decrypted with the code encryption key obtained from 
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the license by the encrypting unit. 

36. A central processing unit executing a 

program, comprising 
5 encrypting means for encrypting a block, and 

decrypting an encrypted block, wherein: 

a first private key is concealed in secrecy; and 
said encrypting means obtains from a first license 

a code decryption key for decrypting an encrypted block 
10 which configures a first program by decrypting with the 

first private key the first license of the first program, 

which is encrypted with a public key pairing with the 

first private key. 

15 37. A program product having a program for 

causing a central processing unit to execute a process 
of a control for authorization to execute a procetion 
program, wherein, the protection program to be encrypted 
with a code encryption key, and a license, which includes 

20 the code encryption key and is encrypted with a public 
key pairing with a private key comprised in secrecy 
within the central processing unit, is provided in 
correspondence with the protection program, the process 
comprising : 

25 entering the license into the central processing 
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unit before the central processing unit executes the 
protection program; 

causing an encrypting unit comprised by the 
central processing unit to obtain the code encryption 
5 key from the license by decrypting the license with the 
private key; and 

causing the encrypting unit to decrypt the protection 
program with the code encryption key. 

10 38. A program product having a program code 

executed by a computer, wherein: 

the program code is encrypted with a code 
encryption key; 

a license, which includes the code encryption key 

15 and is encrypted with a public key paring with a private 
key comprised in secrecy within a central processing 
unit comprised by the computer to execute the program 
code, is provided in correspondence with the program 
code ; 

20 the license is entered into the central processing 

unit before the program code is executed; 

the license is decrypted with the private key by 
the central processing unit; and 

the program code is decrypted with the code 
25 encryption key obtained from the license by the central 
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